Pages

Friday, May 15, 2015

============================================we losing the war on cyber criminals. One of the newer reasons is "wetware" as noted in the article below.

============================================

Wetware: The
Major Data Security Threat You've Never Heard Of

Posted: 05/14/2015 7:06 am EDT Updated:
05/14/2015 9:59 am EDT

For the first time, according to a recent study, criminal
and state-sponsored hacks have surpassed human error as the leading cause of
health care data breaches, and it could be costing the industry as much as $6
billion. With an average organization cost of $2.1 million per breach, the
results of the study give rise to a question: How do you define human error?

More than half of the respondents in the Ponemon
Institute's Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data,
said their organization's incident response team was underfunded or
understaffed and roughly one third of respondents had no incident response plan
in place at all--zip, nada, zilch--a fact that beggars the imagination at a
moment when breaches have become
the third certainty in life, and one that highlights the seeming
no-show of the "first do no harm" approach to patients on the data
breach-prone operations side of the health care industry.

While it is disconcerting that there isn't a more robust
incident response culture out there, perhaps more worrisome is the seeming lack
of best practices pointed at heading off the problem before it happens. That's
where a new term comes into play.

Wetware is a term of art used by hackers to describe a
non-firmware, hardware or software approach to getting the information they
want to pilfer. In other words, people. (The human body is more than 60 percent
water.) Wetware intrusions happen when a hacker exploits employee trust,
predictable behavior or the failure to follow security protocols. It can be a
spearphishing email, a crooked employee on the take or a file found
while Dumpster diving -- and, of course, all stripe of things in between.
Whatever it is, there's a human being involved.

The findings of the Ponemon Institute study point to the
dire need for better wetware precautions when it comes to the security of
health care records. Consider that 40 percent of the health organizations in
the study reported more than five breaches in the past two years.

According to the study, since 2010 "the percentage
of respondents who said their organization had multiple breaches increased from
60% to 79%." Also by no means inconsequential is the fact that medical
identity theft -- where an imposter uses a victim's credentials to obtain
health care--nearly doubled in the past five years, from 1.4 million adult
victims to more than 2.3 million in 2014.

The breaches comprising these figures were not all the
size or severity of Anthem
or Premera, which combined leaked extremely sensitive personally identifiable
information like Social Security numbers, birth dates and bank account numbers
belonging to more than 91 million consumers. While the $2.1 million average
cost to health care organizations is eye-catching, it involved incidents with
an average of 2,700 lost or stolen records, a figure that runs the gamut from
Anthem and Premera to breaches that were decidedly on the smaller side.

As Larry Ponemon rightly pointed out in an interview with
Dark Reading, while many of the incidents involved the exposure of "less
than 100 records," that in no way trivializes those events. According to
the study, "Many medical identity theft victims report they have spent an
average of $13,500 to restore their
credit, reimburse their health care provider for fraudulent claims
and correct inaccuracies in their health records."

With 91 percent of the health care companies who
responded to the study's questions reporting at least one incident in the
preceding two years, it's clear that whatever we're doing to address the health care
breach problem is woefully inadequate. What's more, it is clear that
the problem is wetware. Better practices need to become part of the work
culture in the health care industry.

When participating organizations in the study were asked
what worried them the most (with three responses permitted), 70 percent said
the biggest concern was a negligent or careless employee. That figure was
followed by 40 percent of respondents who thought cyber attackers were the
bigger worry and 33 percent who were worried about the security of public cloud
servers. Respondents also cited insecure mobile apps (13 percent) and insecure
medical devices (6 percent).

With 96 percent of respondents saying that they had a
security incident involving lost or stolen devices, the fact that cyber attacks
-- state-backed and criminal -- are the leading cause of breaches should keep
you up at night, but the more terrifying take-away here is that doubtless many
of those attacks wouldn't be possible were it not for the human factor. There
is plenty of overlap between the proactive criminal and the clumsy employee to
make these figures start to seem like so much digital rain in a lost scene from
"The Matrix."

These days, smartphones and tablets are on the
most-compromised or stolen list. Earlier on in the data breach pandemic, laptop
computers and desktops were at the top of that list. While it is interesting on
some level how the information gets compromised, at the end of the day, a
breach is a breach is a breach. Health care industry: you're all wet.

The bottom line here is that hackers of all stripe are
having a field day because the wetware problem has been largely unaddressed,
and until people become the alpha and omega of the process that leads to a zero
tolerance solution, data breaches will continue apace.

==============================================Good Netiquette And A Green Internet To All!

In addition to this blog, Netiquette IQ has a website with great
assets which are being added to on a regular basis. I have authored the
premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve,
Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge
Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon
follow by a trilogy of books on Netiquette for young people. You can view my
profile, reviews of the book and content excerpts at:

If you would like to listen
to experts in all aspects of Netiquette and communication, try my radio show on
BlogtalkRadio
Additionally, I provide content for an online newsletter via paper.li. I
have also established Netiquette discussion groups with Linkedin and Yahoo. I am
also a member of the International Business Etiquette and Protocol Group and
Minding Manners among others. Further, I regularly consult for the Gerson
Lehrman Group, a worldwide network of subject matter experts and have been a
contributor to numerous blogs and publications.

Lastly, I
am the founder and president of Tabula
Rosa Systems, a company that provides “best of breed” products for network,
security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT
product information for virtually anyone.

No comments:

Post a Comment

About Us

Tabula Rosa Systems (TRS) is dedicated to providing Best of Breed Technology and Best of Class Professional Services to our Clients. We have a portfolio of products which we have selected for their capabilities, viability and value.